Home network technology standards such as powerline (e.g. G.hn) provide for the interconnection of household appliances. However, when using unsecured media such as powerline, Ethernet, WiFi, Bluetooth, etc. data transmissions can be readily intercepted by other parties and comprised if unprotected. To ensure privacy is maintained, some form of encryption should be used when transmitting data over an unsecure medium. Full end-to-end encryption is often complicated to setup and maintain. This is especially true for persons without a technical background who tend to underestimate the risks and often do not understand data transmissions may be unsecure. Such security concerns also exist in WLAN (wireless local area network).
Powerline and other types of network accessible electronic devices are conventionally configured using a personal computer and special software which generates a user encryption key for a particular connection. With this approach, a personal computer is needed to make the device operational. Special software also needs to be installed for use in configuring the device. Today more and more personal computers are replaced by smartphones or internet tablets which cannot use personal computer software. Also it is difficult for many end users to understand the need to connect a new device to a personal computer before it can be used. The personal computer based setup process is even more frustrating if the device has no obvious connection to a computer e.g. such as for a coffee machine or a sound system.
Other connection setup variants typically use some form of a WPS (Wi-Fi protected setup) mechanism. In such a case a button at the device is pressed, placing the device in a connection setup mode which allows the exchange of security keys for a certain time frame. Upon successful completion of the connection setup process, the device can operate in a secured mode. With this approach the key exchange is performed over an unsecure medium, and therefore can be intercepted by a hacker. The hacker can use the ill-gotten security keys to implement a so-called ‘man-in-the-middle’ attack and listen to the transmitted data unbeknownst to the end user.